dockerdocker-registry

What is the docker registry v2 API endpoint to get the digest for an image?


According to https://docs.docker.com/registry/spec/api/ I can call /v2/<name>/tags/list to get a list of the tags for a given image. It works fine, e.g.:

{"name"=>"avi/test", "tags"=>["latest"]}

However, I would like the digest for each tag. Yes, the "digest" is actually the hash of the manifest (at least as I best understood it from the API; not 100% clear). However, I would like a way of knowing what a unique identifier for "latest" (and every other tag) is.

Use case: I might have someone tag a version as latest, and want to check if it is up to date:

docker push avi/test:2.6
docker tag avi/test:2.6 avi/test:latest
docker push avi/test:latest
# build 2.7
docker push avi/test:2.7
# oops! Forgot to tag latest to 2.7

In the above case, if I can check not just the tags - which will give me "2.6", "2.7", "latest" - but also the digest (at least of the manifest), I can find what various tags point to, audit, etc.


Solution

  • AFAIK, there isn't a digest API. However, according to the v2 API spec you can do a HEAD or GET request against /v2/<name>/manifests/<reference>. The response will include a Docker-Content-Digest header containing the digest of the specified manifest (e.g. latest).